inma-no / advertsspec

INMA Advertising Format Specification

Demand HTTPS creatives #35

Closed OleSan closed 9 years ago

OleSan commented 9 years ago

Most sites want to migrate to HTTPS, if they haven't already. The biggest problem for almost all the sites is that the creatives are not HTTPS compliant.

In my opinion, we should start to demand HTTPS creatives in this spec already now, so the rollout for more secure sites will be smoother.

For sites on HTTP, this won't be a problem. It's the other way that's a problem: HTTPS sites with HTTP creatives.

sylling commented 9 years ago

I agree. For most agency ad servers HTTPS is available by just ticking a checkbox (but the default setup is probably HTTP).

gregersrygg commented 9 years ago

Yes please! But it should say “HTTPS over TLS”. SSL is not secure anymore, so browsers might give warnings if creatives are served over SSL instead of TLS. The servers should have 2048-bit RSA or 256-bit ECDSA private keys, and a secure cipher suite. It sounds complicated, but SSL Labs have an easy-to-read SSL/TLS Deployment Best Practices guide and a server test that will warn about problems.
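An added example, not part of the thread or of the INMA spec: a publisher-side pre-flight check for the case raised above (an HTTPS site receiving HTTP creatives) that lists every plain-HTTP subresource in a creative's markup. The names `find_insecure_references` and `CreativeScanner` and all hostnames are assumptions made for illustration; URLs that a script builds at runtime are outside what a static scan can see.

```python
import re
from html.parser import HTMLParser

# Attributes that fetch a subresource; <a href> (a navigation) is not one.
FETCH_ATTRS = {"src", "data", "poster", "background"}
CSS_URL = re.compile(r"url\(\s*['\"]?\s*(http://[^'\")\s]+)", re.I)

SAMPLE = """<!-- constructed sample creative; hostnames are placeholders -->
<div style="background:url('http://cdn.example/bg.png')">
  <a href="http://advertiser.example/landing">Click-through</a>
  <img src="https://cdn.example/banner.jpg" srcset="http://cdn.example/b2x.jpg 2x">
  <script src="//cdn.example/track.js"></script>
  <script src="HTTP://cdn.example/lib.js"></script>
  <style>.x{background:url(http://cdn.example/x.gif)}</style>
</div>
"""

class CreativeScanner(HTMLParser):
    """Collects (tag, attribute, url) for each plain-HTTP subresource."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._in_style = [], False

    def handle_starttag(self, tag, attrs):
        self._in_style = tag == "style"
        for name, value in attrs:
            value = (value or "").strip()
            if name == "srcset":  # comma-separated "url descriptor" candidates
                urls = [c.split()[0] for c in value.split(",") if c.split()]
            elif name == "style":  # inline CSS on any element
                urls = CSS_URL.findall(value)
            elif name in FETCH_ATTRS or (tag, name) == ("link", "href"):
                urls = [value]
            else:
                continue
            self.findings += [(tag, name, u) for u in urls if u.lower().startswith("http://")]

    def handle_endtag(self, tag):
        self._in_style = self._in_style and tag != "style"

    def handle_data(self, data):
        if self._in_style:  # contents of a <style> block
            self.findings += [("style", "css", u) for u in CSS_URL.findall(data)]

def find_insecure_references(creative_html):
    scanner = CreativeScanner()
    scanner.feed(creative_html)
    scanner.close()
    return scanner.findings
```

Protocol-relative (`//host/...`) and `https://` references pass, since they load over TLS on an HTTPS page; the click-through `<a href>` is ignored because it is a navigation rather than a subresource.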